upgrade to apache-2.2.14_5 produces ssl failure

on 22.01.2010 12:00:17 by David Southwell

Can anyone please advise

System FreeBSD 7.2 p3 amd64 on Intel quad core

Thanks in advance for advice on how to cure this

David

[Fri Jan 22 10:22:19 2010] [notice] caught SIGTERM, shutting down
[Fri Jan 22 10:38:10 2010] [info] Init: Seeding PRNG with 144 bytes of entropy
[Fri Jan 22 10:38:10 2010] [info] Loading certificate & private key of SSL-
aware server
[Fri Jan 22 10:38:10 2010] [info] Init: Requesting pass phrase via builtin
terminal dialog
[Fri Jan 22 10:38:16 2010] [debug] ssl_engine_pphrase.c(476): encrypted RSA
private key - pass phrase requested
[Fri Jan 22 10:38:16 2010] [info] Init: Wiped out the queried pass phrases
from memory
[Fri Jan 22 10:38:16 2010] [info] Init: Generating temporary RSA private keys
(512/1024 bits)
[Fri Jan 22 10:38:16 2010] [info] Init: Generating temporary DH parameters
(512/1024 bits)
[Fri Jan 22 10:38:16 2010] [info] Init: Initializing (virtual) servers for SSL
[Fri Jan 22 10:38:16 2010] [info] Configuring server for SSL protocol
[Fri Jan 22 10:38:16 2010] [debug] ssl_engine_init.c(414): Creating new SSL
context (protocols: SSLv2, SSLv3, TLSv1)
[Fri Jan 22 10:38:16 2010] [debug] ssl_engine_init.c(610): Configuring
permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:
+EXP:+eNULL]
[Fri Jan 22 10:38:16 2010] [debug] ssl_engine_init.c(370): Configuring TLS
extension handling
[Fri Jan 22 10:38:16 2010] [debug] ssl_engine_init.c(741): Configuring RSA
server certificate
[Fri Jan 22 10:38:16 2010] [warn] RSA server certificate is a CA certificate
(BasicConstraints: CA == TRUE !?)
[Fri Jan 22 10:38:16 2010] [debug] ssl_engine_init.c(780): Configuring RSA
server private key
[Fri Jan 22 10:38:16 2010] [info] mod_ssl/2.2.14 compiled against Server:
Apache/2.2.14, Library: OpenSSL/0.9.8l
[Fri Jan 22 10:38:16 2010] [info] mod_unique_id: using ip addr 62.49.197.50
[Fri Jan 22 10:38:17 2010] [info] Init: Seeding PRNG with 144 bytes of entropy
[Fri Jan 22 10:38:17 2010] [info] Loading certificate & private key of SSL-
aware server
[Fri Jan 22 10:38:17 2010] [info] www.vizion2000.net:443 reusing existing RSA
private key on restart
[Fri Jan 22 10:38:17 2010] [info] Init: Generating temporary RSA private keys
(512/1024 bits)
[Fri Jan 22 10:38:17 2010] [info] Init: Generating temporary DH parameters
(512/1024 bits)
[Fri Jan 22 10:38:17 2010] [debug] ssl_scache_shmcb.c(253): shmcb_init
allocated 512000 bytes of shared memory
[Fri Jan 22 10:38:17 2010] [debug] ssl_scache_shmcb.c(272): for 511920 bytes
(512000 including header), recommending 32 subcaches, 133 indexes each
[Fri Jan 22 10:38:17 2010] [debug] ssl_scache_shmcb.c(306): shmcb_init_memory
choices follow
[Fri Jan 22 10:38:17 2010] [debug] ssl_scache_shmcb.c(308): subcache_num = 32
[Fri Jan 22 10:38:17 2010] [debug] ssl_scache_shmcb.c(310): subcache_size =
15992
[Fri Jan 22 10:38:17 2010] [debug] ssl_scache_shmcb.c(312):
subcache_data_offset = 3208
[Fri Jan 22 10:38:17 2010] [debug] ssl_scache_shmcb.c(314): subcache_data_size
= 12784
[Fri Jan 22 10:38:17 2010] [debug] ssl_scache_shmcb.c(316): index_num = 133
[Fri Jan 22 10:38:17 2010] [info] Shared memory session cache initialised
[Fri Jan 22 10:38:17 2010] [info] Init: Initializing (virtual) servers for SSL
[Fri Jan 22 10:38:17 2010] [info] Configuring server for SSL protocol
[Fri Jan 22 10:38:17 2010] [debug] ssl_engine_init.c(414): Creating new SSL
context (protocols: SSLv2, SSLv3, TLSv1)
[Fri Jan 22 10:38:17 2010] [debug] ssl_engine_init.c(610): Configuring
permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:
+EXP:+eNULL]
[Fri Jan 22 10:38:17 2010] [debug] ssl_engine_init.c(370): Configuring TLS
extension handling
[Fri Jan 22 10:38:17 2010] [debug] ssl_engine_init.c(741): Configuring RSA
server certificate
[Fri Jan 22 10:38:17 2010] [warn] RSA server certificate is a CA certificate
(BasicConstraints: CA == TRUE !?)
[Fri Jan 22 10:38:17 2010] [debug] ssl_engine_init.c(780): Configuring RSA
server private key
[Fri Jan 22 10:38:17 2010] [info] mod_ssl/2.2.14 compiled against Server:
Apache/2.2.14, Library: OpenSSL/0.9.8l
[Fri Jan 22 10:38:19 2010] [notice] mod_python: Creating 8 session mutexes
based on 256 max processes and 0 max threads.
[Fri Jan 22 10:38:19 2010] [notice] mod_python: using mutex_directory /tmp
[Fri Jan 22 10:38:19 2010] [notice] Digest: generating secret for digest
authentication ...
[Fri Jan 22 10:38:19 2010] [notice] Digest: done
[Fri Jan 22 10:38:19 2010] [info] mod_unique_id: using ip addr 62.49.197.50
[Fri Jan 22 10:38:20 2010] [notice] Apache/2.2.14 (FreeBSD) mod_ssl/2.2.14
OpenSSL/0.9.8l DAV/2 PHP/5.2.12 with Suhosin-Patch mod_python/3.3.1
Python/2.6.4 mod_ruby/1.3.0 Ruby/1.8.7(2009-12-24) SVN/1.6.6 configured --
resuming normal operations
[Fri Jan 22 10:38:20 2010] [info] Server built: Jan 22 2010 10:35:52
[Fri Jan 22 10:38:20 2010] [debug] prefork.c(1013): AcceptMutex: flock
(default: flock)
[Fri Jan 22 10:39:33 2010] [info] server seems busy, (you may need to increase
StartServers, or Min/MaxSpareServers), spawning 8 children, there are 2 idle,
and 12 total children
[Fri Jan 22 10:39:35 2010] [info] [client ::1] Connection to child 10
established (server www.vizion2000.net:443)
[Fri Jan 22 10:39:35 2010] [info] Seeding PRNG with 144 bytes of entropy
[Fri Jan 22 10:39:35 2010] [debug] ssl_engine_kernel.c(1875): OpenSSL:
Handshake: start
[Fri Jan 22 10:39:35 2010] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop:
before/accept initialization
[Fri Jan 22 10:39:35 2010] [debug] ssl_engine_io.c(1858): OpenSSL: read 11/11
bytes from BIO#8124675c0 [mem: 812753000] (BIO dump follows)
[Fri Jan 22 10:39:35 2010] [debug] ssl_engine_io.c(1791):
+-------------------------------------------------------------------------+
[Fri Jan 22 10:39:35 2010] [debug] ssl_engine_io.c(1830): | 0000: 4f 50 54 49
4f 4e 53 20-2a 20 48 OPTIONS * H |
[Fri Jan 22 10:39:35 2010] [debug] ssl_engine_io.c(1836):
+-------------------------------------------------------------------------+
[Fri Jan 22 10:39:35 2010] [debug] ssl_engine_kernel.c(1912): OpenSSL: Exit:
error in SSLv2/v3 read client hello A
[Fri Jan 22 10:39:35 2010] [info] [client ::1] SSL library error 1 in
handshake (server www.vizion2000.net:443)
[Fri Jan 22 10:39:35 2010] [info] SSL Library Error: 336027900
error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking
not SSL to HTTPS port!?
[Fri Jan 22 10:39:35 2010] [info] [client ::1] Connection closed to child 10
with abortive shutdown (server www.vizion2000.net:443)
[Fri Jan 22 10:39:37 2010] [info] [client ::1] Connection to child 9
established (server www.vizion2000.net:443)
[Fri Jan 22 10:39:37 2010] [info] Seeding PRNG with 144 bytes of entropy
[Fri Jan 22 10:39:37 2010] [debug] ssl_engine_kernel.c(1875): OpenSSL:
Handshake: start
[Fri Jan 22 10:39:37 2010] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop:
before/accept initialization
[Fri Jan 22 10:39:37 2010] [debug] ssl_engine_io.c(1858): OpenSSL: read 11/11
bytes from BIO#8124675c0 [mem: 81275d000] (BIO dump follows)
[Fri Jan 22 10:39:37 2010] [debug] ssl_engine_io.c(1791):
+-------------------------------------------------------------------------+
[Fri Jan 22 10:39:37 2010] [debug] ssl_engine_io.c(1830): | 0000: 4f 50 54 49
4f 4e 53 20-2a 20 48 OPTIONS * H |
[Fri Jan 22 10:39:37 2010] [debug] ssl_engine_io.c(1836):
+-------------------------------------------------------------------------+
[Fri Jan 22 10:39:37 2010] [debug] ssl_engine_kernel.c(1912): OpenSSL: Exit:
error in SSLv2/v3 read client hello A
[Fri Jan 22 10:39:37 2010] [info] [client ::1] SSL library error 1 in
handshake (server www.vizion2000.net:443)
[Fri Jan 22 10:39:37 2010] [info] SSL Library Error: 336027900
error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking
not SSL to HTTPS port!?
[Fri Jan 22 10:39:37 2010] [info] [client ::1] Connection closed to child 9
with abortive shutdown (server www.vizion2000.net:443)
[Fri Jan 22 10:39:38 2010] [info] [client ::1] Connection to child 12
established (server www.vizion2000.net:443)
[Fri Jan 22 10:39:38 2010] [info] Seeding PRNG with 144 bytes of entropy

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: upgrade to apache-2.2.14_5 produces ssl failure

on 22.01.2010 19:50:01 by Justin Pasher

David Southwell wrote:
> [Fri Jan 22 10:39:35 2010] [debug] ssl_engine_kernel.c(1912): OpenSSL: Exit:
> error in SSLv2/v3 read client hello A
> [Fri Jan 22 10:39:35 2010] [info] [client ::1] SSL library error 1 in
> handshake (server www.vizion2000.net:443)
> [Fri Jan 22 10:39:35 2010] [info] SSL Library Error: 336027900
> error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking
> not SSL to HTTPS port!?
>

Are you sure that whatever is connecting via port 443 is actually using
the HTTPS protocol? Perhaps someone tries to access
http://www.vizion2000.net:443 ?

--
Justin Pasher
New Media Gateway
http://support.newmediagateway.com/
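
The question raised in this reply can be answered from the debug log itself, because mod_ssl dumps the first bytes each client sent. The following is an added example, not part of the original thread or of mod_ssl: it pairs each connection with its first BIO dump row and classifies the bytes. It assumes the mail line-wrapping has been undone and that a dump row follows its own "Connection to child" line, which holds on a quiet server but not when many children log at once.

```python
import re

# Constructed sample: the ::1 entry mirrors the debug lines quoted in this
# thread (mail line-wrapping undone); the 10.0.0.5 entry is invented to show
# what a real TLS ClientHello record looks like in the same dump format.
SAMPLE_LOG = """\
[Fri Jan 22 10:39:35 2010] [info] [client ::1] Connection to child 10 established (server www.vizion2000.net:443)
[Fri Jan 22 10:39:35 2010] [debug] ssl_engine_io.c(1830): | 0000: 4f 50 54 49 4f 4e 53 20-2a 20 48                 OPTIONS * H      |
[Fri Jan 22 10:39:40 2010] [info] [client 10.0.0.5] Connection to child 3 established (server www.vizion2000.net:443)
[Fri Jan 22 10:39:40 2010] [debug] ssl_engine_io.c(1830): | 0000: 16 03 01 00 c8 01 00 00-c4 03 01                 ...........      |
"""

CLIENT_RE = re.compile(r"\[client ([^\]]+)\] Connection to child \d+ established")
DUMP_RE = re.compile(r"\| 0000: ((?:[0-9a-f]{2}[ -])+)")  # first dump row only
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ", b"TRACE ")

def classify(first: bytes) -> str:
    """Guess the protocol from the first bytes read on the HTTPS port."""
    if len(first) >= 3 and first[0] == 0x16 and first[1] == 0x03:
        return "tls-handshake"        # SSLv3/TLS record, content type 22
    if len(first) >= 3 and first[0] & 0x80 and first[2] == 0x01:
        return "sslv2-client-hello"   # 2-byte length header, message type 1
    if first.startswith(HTTP_METHODS):
        return "plaintext-http"       # the "speaking not SSL" case
    return "unknown"

def triage(log: str):
    """Return (client, verdict, first bytes as text) for each connection."""
    results, client = [], None
    for line in log.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            client = m.group(1)
            continue
        m = DUMP_RE.search(line)
        if m and client is not None:
            raw = bytes.fromhex(m.group(1).replace("-", " "))
            results.append((client, classify(raw), raw.decode("ascii", "replace")))
            client = None             # keep only the first read per connection
    return results

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```
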
